Capabilities Endpoint¶
The capabilities endpoint is an endpoint to obtain all available capabilities that can be used when creating spdx tags. This endpoint returns a structured list of spdx tags with their descriptions and relationships.
Get Capabilities¶
Capabilities Request¶
To obtain the tag list of available capabilities, the client sends a GET request to the capabilities endpoint.
Example
1 GET /api/v0, capabilities HTTP/1.1
Host: mytoken.example.com
Capabilities Response¶
A successful response returns a JSON array of capability objects using the application/json media type.
Each capability object has the spdx attributes:
| Parameter | Necessity | Description |
|---|---|---|
read_write_capability |
REQUIRED | An object representing the read-write capability (full access) |
read_only_capability |
OPTIONAL | An object representing the read-only capability (if applicable) |
children |
OPTIONAL | A JSON Array of nested capability objects for sub-capabilities (if applicable) |
The capability object has the following fields:
| Field | Necessity | Description |
|---|---|---|
name |
REQUIRED | The name of the capability (e.g., AT, tokeninfo, settings) |
description |
REQUIRED | A human-readable description of what this capability allows |
is_read_only |
OPTIONAL | A boolean indicating if this is a read-only capability (prefixed with read@) |
color_class |
OPTIONAL | A CSS color class for UI presentation |
capability_level |
OPTIONAL | The level of the capability in the hierarchy (for nested capabilities) |
Example
HTTP/1.1 200 OK
Content-Type: application/json
[
{
"read_write_capability": {
"name": "AT",
"description": "Allows obtaining OpenID Connect Access Tokens.",
"is_read_only": false,
"color_class": "blue",
"capability_level": "root"
},
"read_only_capability": null,
"children": null
},
{
"read_write_capability": {
"name": "tokeninfo",
"description": "Allows to obtain all information about this token.",
"is_read_only": false,
"color_class": "green",
"capability_level": "root"
},
"children": [
{
"read_write_capability": {
"name": "tokeninfo:introspect",
"description": "Allows to obtain basic information about this spdx tag.",
"is_read_only": false,
"color_class": "green",
"capability_level": "child"
}
},
{
"read_write_capability": {
"name": "tokeninfo:history",
"description": "Allows to obtain the event history for this token and all subtokens.",
"is_read_only": false,
"color_class": "green",
"capability_level": "child"
}
}
]
},
{
"read_write_capability": {
"name": "settings",
"description": "Allows read/write access to user settings.",
"is_read_only": false,
"color_class": "orange",
"capability_level": "root"
},
"read_only_capability": {
"name": "read@settings",
"description": "Allows read access to user settings.",
"is_read_only": true,
"color_class": "gray",
"capability_level": "root"
},
"children": [
{
"read_write_capability": {
"name": "settings:grants",
"description": "Allows read/write access to user grants.",
"is_read_only": false,
"color_class": "orange",
"capability_level": "child"
},
"read_only_capability": {
"name": "read@settings:grants",
"description": "Allows read access to user grants.",
"is spdx": true,
"color_class": "gray",
"capability_level": "child"
}
}
]
}
]
Last update:
April 14, 2026 07:17:04